<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->


<!DOCTYPE html
  PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="DC.Type" content="topic">
<meta name="DC.Title" content="Importing a Certificate">
<meta name="product" content="">
<meta name="DC.Relation" scheme="URI" content="en-us_topic_0000002200029781.html">
<meta name="prodname" content="">
<meta name="version" content="">
<meta name="brand" content="">
<meta name="DC.Publisher" content="20250306">
<meta name="DC.Format" content="XHTML">
<meta name="DC.Identifier" content="EN-US_TOPIC_0000002164629068">
<meta name="DC.Language" content="en-us">
<link rel="stylesheet" type="text/css" href="public_sys-resources/commonltr.css">
<title>Importing a Certificate</title>
</head>
<body style="clear:both; padding-left:10px; padding-top:5px; padding-right:5px; padding-bottom:5px"><a name="EN-US_TOPIC_0000002164629068"></a><a name="EN-US_TOPIC_0000002164629068"></a>

<h1 class="topictitle1">Importing a Certificate</h1>
<div><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_en-us_topic_0267359412_p968319225509">This section describes how to update certificates through certificate importing.</p>
<div class="section" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_section5166455152915"><h4 class="sectiontitle">Context</h4><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_p1418115589292">The client certificate is used to ensure communication security between the client and the <span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text1389102603210">OceanProtect</span>. The server certificate is used to ensure communication security when the <span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text089142673212">OceanProtect</span> receives external access requests. The internal communication certificate and internal database certificate are used only to ensure internal communication security among internal components of the <span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text19528145142712">OceanProtect</span>.</p>
</div>
<div class="section" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_section19640436665"><h4 class="sectiontitle">Precautions</h4><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p1614312114711">To ensure the security when the management IP addresses or domain names of multiple controllers are used to access the storage system, ensure that the certificate signing request (CSR) file contains the management IP addresses or domain names of these controllers. After obtaining the certificate file from the CA, open the certificate file in the Windows operating system. On the <strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_b873105115815">Details</strong> tab page, check whether the value of <strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_b2069517148595">Subject Alternative Name</strong> contains the domain names or management IP addresses of multiple controllers. The following example indicates that <strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_b1928971299">thtest.spe02.com</strong> and <strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_b17356611142912">thtest2.spe02.com</strong> can be used to access the storage system securely.</p>
<p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p122494559557"><span><img id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_image1499414644514" src="en-us_image_0000002164763942.png"></span></p>
</div>
<div class="section" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_en-us_topic_0267359412_section364572881212"><h4 class="sectiontitle">Procedure</h4><ol id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_en-us_topic_0267359412_en-us_topic_0223232411_ol48781090"><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_en-us_topic_0267359412_en-us_topic_0223232618_li3061316"><span>Choose <span class="menucascade" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000002200004905_en-us_topic_0000001263613156_menucascade8194162364916"><b><span class="uicontrol" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000002200004905_en-us_topic_0000001263613156_uicontrol91941523104915"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000002200004905_en-us_topic_0000001263613156_text1761214215505"><strong>System</strong></span></span></b> &gt; <b><span class="uicontrol" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000002200004905_en-us_topic_0000001263613156_uicontrol18595152410491"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000002200004905_en-us_topic_0000001263613156_text1080662810507"><strong>Security</strong></span></span></b> &gt; <b><span class="uicontrol" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000002200004905_en-us_topic_0000001263613156_uicontrol13841929154910"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000002200004905_en-us_topic_0000001263613156_text3285194545012"><strong>Certificate</strong></span></span></b></span>.</span></li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_en-us_topic_0267359412_en-us_topic_0274211889_en-us_topic_0224938451_li18900716111720"><span>Click <span class="uicontrol" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_uicontrol1288183253719"><b><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text14526153812368"><strong>More</strong></span></b></span> on the right of a certificate.</span><p><ul id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_en-us_topic_0267359412_ul3208960578"><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_en-us_topic_0267359412_li1820886135713">Client certificate/Server certificate/Internal communication certificate/Internal database certificate<ol type="a" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_en-us_topic_0267359412_ol964810142571"><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_en-us_topic_0267359412_li1648131485714">Select <span class="uicontrol" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_uicontrol129843326381"><b><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text550113579267"><strong>Import Certificate</strong></span></b></span>.</li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_en-us_topic_0267359412_li18950210145810">Set certificate information.<p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_en-us_topic_0267359412_p20950171095812"><a name="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_en-us_topic_0267359412_li18950210145810"></a><a name="en-us_topic_0000002164604150_en-us_topic_0000001311093369_en-us_topic_0267359412_li18950210145810"></a><a href="#EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_table873512316535">Table 1</a> lists the parameters.</p>

<div class="tablenoborder"><a name="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_table873512316535"></a><a name="en-us_topic_0000002164604150_en-us_topic_0000001311093369_table873512316535"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_table873512316535" width="90%" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Certificate parameters</caption><colgroup><col style="width:14.299999999999999%"><col style="width:59.099999999999994%"><col style="width:26.6%"></colgroup><thead align="left"><tr id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_row15736172345313"><th align="left" class="cellrowborder" valign="top" width="14.299999999999999%" id="mcps1.3.4.2.2.2.1.1.1.2.2.2.4.1.1"><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p187361123105312">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="59.099999999999994%" id="mcps1.3.4.2.2.2.1.1.1.2.2.2.4.1.2"><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p207361423165316">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="26.6%" id="mcps1.3.4.2.2.2.1.1.1.2.2.2.4.1.3"><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p13439721254">Remarks</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_row1173622315315"><td class="cellrowborder" valign="top" width="14.299999999999999%" headers="mcps1.3.4.2.2.2.1.1.1.2.2.2.4.1.1 "><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_p421118911570"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text1433854010578"><strong>CA Certificate</strong></span></p>
</td>
<td class="cellrowborder" valign="top" width="59.099999999999994%" headers="mcps1.3.4.2.2.2.1.1.1.2.2.2.4.1.2 "><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p197361423115314">Click <span><img id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_image6876143882219" src="en-us_image_0000002164604186.png"></span> and select the CA certificate file corresponding to the certificate to be imported.</p>
<div class="note" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_note1273618234537"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_ul1873642345318"><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_li13736172365317">The size of the CA certificate file to be imported cannot exceed 1 MB.</li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_li47361923165315">The content of the CA certificate file to be imported must be in <strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_b631057194310">x.509</strong> format, and the file name extension must be <strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_b13475764317">.pem</strong>.</li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_li52941752152020">If the CA certificate file is not the root one, add a certificate chain file. For details about how to create a certificate chain file, see <a href="en-us_topic_0000002200004901.html">Creating a Certificate Chain File</a>. A maximum of three levels of CAs are supported for the server certificate and client certificate.</li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_li920514105222">The internal communication certificate or internal database certificate supports only one level of CA.</li></ul>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="26.6%" headers="mcps1.3.4.2.2.2.1.1.1.2.2.2.4.1.3 "><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p4615902714">Applicable certificate types:</p>
<ul id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_ul54671421673"><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li1448718164118"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text750414914490"><strong>Server Certificate</strong></span></li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li1375132813114"><strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_b22778216381">Client Certificate</strong></li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_li74671121476"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text79981522194917"><strong>Internal communication Certificate</strong></span></li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_li17134961573"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text20920162817495"><strong>Internal database Certificate</strong></span></li></ul>
</td>
</tr>
<tr id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_row14736192317537"><td class="cellrowborder" valign="top" width="14.299999999999999%" headers="mcps1.3.4.2.2.2.1.1.1.2.2.2.4.1.1 "><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p1773672345313"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text129008714288"><strong>Server Certificate</strong></span></p>
</td>
<td class="cellrowborder" valign="top" width="59.099999999999994%" headers="mcps1.3.4.2.2.2.1.1.1.2.2.2.4.1.2 "><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p12736132395312">Click <span><img id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_image1244052616389" src="en-us_image_0000002164604182.png"></span> and select the server certificate file to be imported.</p>
<div class="note" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_note147361323105317"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_ul773612395310"><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_li073618232531">The size of the certificate file to be imported cannot exceed 1 MB.</li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_li77361723185318">The content of the certificate file to be imported must be in <strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_b105926016456">x.509</strong> format, and the file name extension must be <strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_b125981208457">.pem</strong>.</li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_li4296142914710">The common name (CN) of the server certificate must be different from that of the CA certificate.<p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_p10463202015201"><a name="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_li4296142914710"></a><a name="en-us_topic_0000002164604150_en-us_topic_0000001311093369_li4296142914710"></a>Check method: Open the server certificate in CER format and check whether the value of <strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_b116843451547">Issued to</strong> (CN of the server certificate) is different from the value of <strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_b66911545241">Issued by</strong> (CN of the CA certificate) on the <strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_b8691194517411">General</strong> tab page.</p>
</li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li8169939376">The common name (CN) of the client server certificate must be <span class="uicontrol" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_uicontrol66082471386"><b>OceanProtect-AGENT</b></span>.</li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li19052315203">For the internal communication certificate and internal database certificate, SubjectAltName (SAN) must be configured for the server certificate, and SAN must contain <strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_b1926513519416">DNS:*.dpa.svc.cluster.local</strong>.</li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li152432910135">If the server certificate uses a level-2 CA certificate, the ClientAuth function must be enabled for the server certificate. Otherwise, the mutual certificate authentication function will be affected and services will be unavailable.</li></ul>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="26.6%" headers="mcps1.3.4.2.2.2.1.1.1.2.2.2.4.1.3 "><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_p11689653504">Applicable certificate types:</p>
<ul id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_ul86891150500"><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li168912515502"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text668915105015"><strong>Server Certificate</strong></span></li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li196891513504"><strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_b715973193819">Client Certificate</strong></li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li5689185115017"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text6689755509"><strong>Internal communication Certificate</strong></span></li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li568915115013"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text1568911512508"><strong>Internal database Certificate</strong></span></li></ul>
</td>
</tr>
<tr id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_row373617231534"><td class="cellrowborder" valign="top" width="14.299999999999999%" headers="mcps1.3.4.2.2.2.1.1.1.2.2.2.4.1.1 "><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p173662317539"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text587115191289"><strong>Server Private Key</strong></span></p>
</td>
<td class="cellrowborder" valign="top" width="59.099999999999994%" headers="mcps1.3.4.2.2.2.1.1.1.2.2.2.4.1.2 "><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p14736923185319">Click <span><img id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_image4943131772615" src="en-us_image_0000002199970541.png"></span> and select the private key file corresponding to the server certificate file to be imported.</p>
<p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p71601758104914">If the server certificate is issued by the CA based on the request file exported from the <span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text47451413302">OceanProtect</span>, you do not need to set this parameter.</p>
<div class="note" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_note187361123125313"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_ul773642311538"><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_li9736112319533">The size of the private key file cannot exceed 1 MB.</li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_li1573612311532">The extension of the private key file must be <strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_b13501831104518">.pem</strong>.</li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_li911154919211">The private key file must be encrypted. If your private key file is in plaintext, perform operations by referring to <a href="en-us_topic_0000002199970501.html">Encrypting the Plaintext Private Key File</a>.</li></ul>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="26.6%" headers="mcps1.3.4.2.2.2.1.1.1.2.2.2.4.1.3 "><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_p1047918287504">Applicable certificate types:</p>
<ul id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_ul2479162835019"><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li1747910281506"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text154797284508"><strong>Server Certificate</strong></span></li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li16479132810501"><strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_b191603313383">Client Certificate</strong></li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li8479228185011"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text15479132817504"><strong>Internal communication Certificate</strong></span></li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li1647932845020"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text1647932855010"><strong>Internal database Certificate</strong></span></li></ul>
</td>
</tr>
<tr id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_row77369237535"><td class="cellrowborder" valign="top" width="14.299999999999999%" headers="mcps1.3.4.2.2.2.1.1.1.2.2.2.4.1.1 "><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p15736182385312"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text12260152742815"><strong>Server Private Key Password</strong></span></p>
</td>
<td class="cellrowborder" valign="top" width="59.099999999999994%" headers="mcps1.3.4.2.2.2.1.1.1.2.2.2.4.1.2 "><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p2073632385316">Import the password of the server private key file.</p>
<p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p1958245195120">If the server certificate is issued by the CA based on the request file exported from the <span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text251413548327">OceanProtect</span>, you do not need to set this parameter.</p>
<p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p873612315533">[Value range]</p>
<p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p873682385317">The value contains 1 to 512 characters.</p>
<div class="note" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_note66988512353"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_p156987520352">For the internal communication certificate, the password must contain 8 to 64 characters, including digits, uppercase letters, lowercase letters, and special characters.</p>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="26.6%" headers="mcps1.3.4.2.2.2.1.1.1.2.2.2.4.1.3 "><p id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_p3751736125014">Applicable certificate types:</p>
<ul id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_ul775183665013"><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li117511736135016"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text37511336145015"><strong>Server Certificate</strong></span></li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li12752183613500"><strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_b1216083143811">Client Certificate</strong></li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li2752113616506"><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_text157521636185010"><strong>Internal communication Certificate</strong></span></li></ul>
</td>
</tr>
</tbody>
</table>
</div>
<div class="note" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_note420122614368"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_ul2568183912262"><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li10617949153020">If the certificate to be imported is a server certificate or client certificate, the system will push the CA certificate to all member nodes after the certificate is imported.</li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_li15681939152612">In the remote replication scenario, after replacing the server certificate of the source or target end, you need to use the certificate issued by the same CA certificate to replace the server certificate of the other end. Otherwise, remote replication will fail.</li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_li75697397266">Assume that the client has been installed and the server certificate is to be updated. If the new server certificate and client certificate are not issued by the same CA certificate, replace the client certificate by referring to <a href="en-us_topic_0000002164604142.html">Replacing the SSL Certificate of the Client (Non-Windows OS)</a> after the server certificate is updated.</li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li14512092518">Only certificates whose signature algorithm is SHA-256, SHA-384, or SHA-512 can be imported.</li></ul>
</div></div>
</li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_li976719536352">On the displayed <strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_b387216446266">Danger</strong> dialog box, select <strong id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_b44981818171612">I have read and understand the consequences associated with performing this operation</strong>. Then, click <span class="uicontrol" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_uicontrol93986558216"><b>OK</b></span>.</li></ol>
</li></ul>
</p></li><li id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_en-us_topic_0267359412_li19950112183913"><span>Click <span class="uicontrol" id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_uicontrol531873373910"><b><span id="EN-US_TOPIC_0000002164629068__en-us_topic_0000002164604150_en-us_topic_0000001311093369_text937941184019"><strong>OK</strong></span></b></span>.</span></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0000002200029781.html">Managing Certificates</a></div>
</div>
</div>

<div class="hrcopyright"><hr size="2"></div><div class="hwcopyright">Copyright &copy; Huawei Technologies Co., Ltd.</div></body>
</html>